On Tue, Mar 6, 2012 at 4:23 PM, Ian Hickson <ian@hixie.ch> wrote:
>
>> I hope a 500 error with a response body containing javascript cannot get
>> the http+aes URL from, say, window.location.
>
> A 500 error containing JS would be garbled and so couldn't access the URL.
Ian,
If I understand your reasoning here, it's that the body of the error would be
encrypted by an unknown key and therefore the attacker cannot put chosen
JS here?
If so, that's not obviously correct. Consider the case where the header of
the content is known (e.g., because it contains meta-information about
the content). In that case, an attacker can use the properties of CTR to
produce a ciphertext that maps to a predictable plaintext, thus
mounting the attack described here.
Best,
-Ekr